ruby-activeldap 0.8.3 → 0.8.3.1

data/lib/active_ldap/escape.rb

@@ -0,0 +1,12 @@
+module ActiveLdap
+  module Escape
+    module_function
+    def ldap_filter_escape(str)
+      str.to_s.gsub(/\*/, "**")
+    end
+
+    def ldap_filter_unescape(str)
+      str.to_s.gsub(/\*\*/, "*")
+    end
+  end
+end

data/lib/active_ldap/get_text/parser.rb

@@ -0,0 +1,142 @@
+require 'active_ldap'
+require 'gettext/parser/ruby'
+
+module ActiveLdap
+  module GetText
+    class Parser
+      include GetText
+
+      def initialize(configuration=nil)
+        configuration = ensure_configuration(configuration)
+        configuration = default_configuration.merge(configuration)
+
+        configuration = extract_options(configuration)
+        ActiveLdap::Base.establish_connection(configuration)
+      end
+
+      def parse(file, targets=[])
+        targets = RubyParser.parse(file, targets) if RubyParser.target?(file)
+        extract(targets) do
+          load_constants(file).each do |name|
+            klass = name.constantize
+            next unless klass.is_a?(Class)
+            next unless klass < ActiveLdap::Base
+            register(klass.name.singularize.underscore.gsub(/_/, " "), file)
+            next unless @extract_schema
+            klass.classes.each do |object_class|
+              register_object_class(object_class, file)
+            end
+          end
+        end
+      end
+
+      def target?(file)
+        @classes_re.match(File.read(file))
+      end
+
+      def extract_all_in_schema(targets=[])
+        extract(targets) do
+          ActiveLdap::Base.schema.object_classes.each do |object_class|
+            register_object_class(object_class, "-")
+          end
+        end
+      end
+
+      private
+      def extract_options(configuration)
+        configuration = configuration.dup
+        classes = configuration.delete(:classes) || ["ActiveLdap::Base"]
+        @classes_re = /class.*#{Regexp.union(*classes)}/ #
+        @extract_schema = configuration.delete(:extract_schema)
+        configuration
+      end
+
+      def default_configuration
+        {
+          :host => "127.0.0.1",
+          :allow_anonymous => true,
+          :extract_schema => false,
+        }
+      end
+
+      def ensure_configuration(configuration)
+        configuration ||= ENV["RAILS_ENV"] || {}
+        if configuration.is_a?(String)
+          if File.exists?(configuration)
+            require 'erb'
+            require 'yaml'
+            configuration = YAML.load(ERB.new(File.read(configuration)).result)
+          else
+            ENV["RAILS_ENV"] = configuration
+            require 'config/environment'
+            configuration = ActiveLdap::Base.configurations[configuration]
+          end
+        end
+        if Object.const_defined?(:RAILS_ENV)
+          rails_configuration = ActiveLdap::Base.configurations[RAILS_ENV]
+          configuration = rails_configuration.merge(configuration)
+        end
+        configuration = configuration.symbolize_keys
+      end
+
+      def load_constants(file)
+        old_constants = Object.constants
+        begin
+          eval(File.read(file), TOPLEVEL_BINDING, file)
+        rescue
+          format = _("Ignored '%{file}'. Solve dependencies first.")
+          $stderr.puts(format % {:file => file})
+          $stderr.puts($!)
+        end
+        Object.constants - old_constants
+      end
+
+      def extract(targets)
+        @targets = {}
+        targets.each do |id, *file_infos|
+          @targets[id] = file_infos
+        end
+        yield
+        @targets.collect do |id, file_infos|
+          [id, *file_infos.uniq]
+        end.sort_by do |id,|
+          id
+        end
+      end
+
+      def register(id, file)
+        file_info = "#{file}:-"
+        @targets[id] ||= []
+        @targets[id] << file_info
+      end
+
+      def register_object_class(object_class, file)
+        [object_class.name, *object_class.aliases].each do |name|
+          register(ActiveLdap::Base.human_object_class_name_msgid(name), file)
+        end
+        if object_class.description
+          msgid =
+            ActiveLdap::Base.human_object_class_description_msgid(object_class)
+          register(msgid, file)
+        end
+        (object_class.must(false) + object_class.may(false)).each do |attribute|
+          register_attribute(attribute, file)
+        end
+        object_class.super_classes.each do |super_class|
+          register_object_class(super_class, file)
+        end
+      end
+
+      def register_attribute(attribute, file)
+        [attribute.name, *attribute.aliases].each do |name|
+          msgid = ActiveLdap::Base.human_attribute_name_msgid(name)
+          register(msgid, file) if msgid
+        end
+        if attribute.description
+          msgid = ActiveLdap::Base.human_attribute_description_msgid(attribute)
+          register(msgid, file)
+        end
+      end
+    end
+  end
+end

data/lib/active_ldap/get_text_fallback.rb

@@ -0,0 +1,53 @@
+module ActiveLdap
+  module GetTextFallback
+    class << self
+      def included(base)
+        base.extend(self)
+      end
+    end
+
+    module_function
+    def bindtextdomain(domain_name, *args)
+    end
+
+    def gettext(msg_id)
+      msg_id
+    end
+
+    def ngettext(arg1, arg2, arg3=nil)
+      if arg1.kind_of?(Array)
+        msg_id = arg1[0]
+        msg_id_plural = arg1[1]
+        n = arg2
+      else
+        msg_id = arg1
+        msg_id_plural = arg2
+        n = arg3
+      end
+      n == 1 ? msg_id : msg_id_plural
+    end
+
+    def N_(msg_id)
+      msg_id
+    end
+
+    def Nn_(msg_id, msg_id_plural)
+      [msg_id, msg_id_plural]
+    end
+
+    def sgettext(msg_id, div='|')
+      index = msg.rindex(div)
+      if index
+        msg[(index + 1)..-1]
+      else
+        msg
+      end
+    end
+
+    alias_method(:_, :gettext)
+    alias_method(:n_, :ngettext)
+    alias_method(:s_, :sgettext)
+  end
+
+  GetText = GetTextFallback
+end

data/lib/active_ldap/get_text_support.rb

@@ -0,0 +1,12 @@
+module ActiveLdap
+  module GetTextSupport
+    class << self
+      def included(base)
+        base.class_eval do
+          include(GetText)
+          bindtextdomain("active-ldap")
+        end
+      end
+    end
+  end
+end

data/lib/active_ldap/helper.rb

@@ -0,0 +1,23 @@
+module ActiveLdap
+  module Helper
+    def ldap_attribute_name_gettext(attribute)
+      Base.human_attribute_name(attribute)
+    end
+    alias_method(:la_, :ldap_attribute_name_gettext)
+
+    def ldap_attribute_description_gettext(attribute)
+      Base.human_attribute_description(attribute)
+    end
+    alias_method(:lad_, :ldap_attribute_description_gettext)
+
+    def ldap_object_class_name_gettext(object_class)
+      Base.human_object_class_name(object_class)
+    end
+    alias_method(:loc_, :ldap_object_class_name_gettext)
+
+    def ldap_object_class_description_gettext(object_class)
+      Base.human_object_class_description(object_class)
+    end
+    alias_method(:locd_, :ldap_object_class_description_gettext)
+  end
+end

data/lib/active_ldap/ldap_error.rb

@@ -0,0 +1,74 @@
+module ActiveLdap
+  class LdapError < Error
+    class << self
+      def define(code, name, target)
+        klass_name = name.downcase.camelize
+        target.module_eval(<<-EOC, __FILE__, __LINE__ + 1)
+          class #{klass_name} < #{self}
+            CODE = #{code}
+            def code
+              CODE
+            end
+          end
+EOC
+        target.const_get(klass_name)
+      end
+    end
+
+    ERRORS = {}
+    {
+      0x00 => "SUCCESS",
+      0x01 => "OPERATIONS_ERROR",
+      0x02 => "PROTOCOL_ERROR",
+      0x03 => "TIMELIMIT_EXCEEDED",
+      0x04 => "SIZELIMIT_EXCEEDED",
+      0x05 => "COMPARE_FALSE",
+      0x06 => "COMPARE_TRUE",
+      0x07 => "AUTH_METHOD_NOT_SUPPORTED",
+      0x08 => "STRONG_AUTH_REQUIRED",
+      0x09 => "PARTIAL_RESULTS", # LDAPv2+ (not LDAPv3)
+
+      0x0a => "REFERRAL",
+      0x0b => "ADMINLIMIT_EXCEEDED",
+      0x0c => "UNAVAILABLE_CRITICAL_EXTENSION",
+      0x0d => "CONFIDENTIALITY_REQUIRED",
+      0x0e => "LDAP_SASL_BIND_IN_PROGRESS",
+
+      0x10 => "NO_SUCH_ATTRIBUTE",
+      0x11 => "UNDEFINED_TYPE",
+      0x12 => "INAPPROPRIATE_MATCHING",
+      0x13 => "CONSTRAINT_VIOLATION",
+      0x14 => "TYPE_OR_VALUE_EXISTS",
+      0x15 => "INVALID_SYNTAX",
+
+      0x20 => "NO_SUCH_OBJECT",
+      0x21 => "ALIAS_PROBLEM",
+      0x22 => "INVALID_DN_SYNTAX",
+      0x23 => "IS_LEAF",
+      0x24 => "ALIAS_DEREF_PROBLEM",
+
+      0x2F => "PROXY_AUTHZ_FAILURE",
+      0x30 => "INAPPROPRIATE_AUTH",
+      0x31 => "INVALID_CREDENTIALS",
+      0x32 => "INSUFFICIENT_ACCESS",
+
+      0x33 => "BUSY",
+      0x34 => "UNAVAILABLE",
+      0x35 => "UNWILLING_TO_PERFORM",
+      0x36 => "LOOP_DETECT",
+
+      0x40 => "NAMING_VIOLATION",
+      0x41 => "OBJECT_CLASS_VIOLATION",
+      0x42 => "NOT_ALLOWED_ON_NONLEAF",
+      0x43 => "NOT_ALLOWED_ON_RDN",
+      0x44 => "ALREADY_EXISTS",
+      0x45 => "NO_OBJECT_CLASS_MODS",
+      0x46 => "RESULTS_TOO_LARGE",
+      0x47 => "AFFECTS_MULTIPLE_DSAS",
+
+      0x50 => "OTHER",
+    }.each do |code, name|
+      ERRORS[code] = LdapError.define(code, name, self)
+    end
+  end
+end

data/lib/active_ldap/object_class.rb

@@ -0,0 +1,93 @@
+module ActiveLdap
+  module ObjectClass
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def classes
+        required_classes.collect do |name|
+          schema.object_class(name)
+        end
+      end
+    end
+
+    def add_class(*target_classes)
+      replace_class((classes + target_classes.flatten).uniq)
+    end
+
+    def ensure_recommended_classes
+      add_class(self.class.recommended_classes)
+    end
+
+    def remove_class(*target_classes)
+      replace_class((classes - target_classes.flatten).uniq)
+    end
+
+    def replace_class(*target_classes)
+      new_classes = target_classes.flatten.uniq
+      assert_object_classes(new_classes)
+      if new_classes.sort != classes.sort
+        set_attribute('objectClass', new_classes)
+      end
+    end
+
+    def classes
+      (get_attribute('objectClass', true) || []).dup
+    end
+
+    private
+    def assert_object_classes(new_classes)
+      assert_valid_object_class_value_type(new_classes)
+      assert_valid_object_class_value(new_classes)
+      assert_have_all_required_classes(new_classes)
+    end
+
+    def assert_valid_object_class_value_type(new_classes)
+      invalid_classes = new_classes.reject do |new_class|
+        new_class.is_a?(String)
+      end
+      unless invalid_classes.empty?
+        format = _("Value in objectClass array is not a String: %s")
+        invalid_classes_info = invalid_classes.collect do |invalid_class|
+          "#{invalid_class.class}:#{invalid_class.inspect}"
+        end.join(", ")
+        raise TypeError, format % invalid_classes_info
+      end
+    end
+
+    def assert_valid_object_class_value(new_classes)
+      _schema = schema
+      invalid_classes = new_classes.reject do |new_class|
+        !_schema.object_class(new_class).id.nil?
+      end
+      unless invalid_classes.empty?
+        format = _("unknown objectClass in LDAP server: %s")
+        message = format % invalid_classes.join(', ')
+        raise ObjectClassError, message
+      end
+    end
+
+    def assert_have_all_required_classes(new_classes)
+      _schema = schema
+      normalized_new_classes = new_classes.collect(&:downcase)
+      required_classes = self.class.required_classes
+      required_classes = required_classes.reject do |required_class_name|
+        normalized_new_classes.include?(required_class_name.downcase) or
+          (normalized_new_classes.find do |new_class|
+             required_class = _schema.object_class(required_class_name)
+             _schema.object_class(new_class).super_class?(required_class)
+           end)
+      end
+      unless required_classes.empty?
+        format = _("Can't remove required objectClass: %s")
+        required_class_names = required_classes.collect do |required_class|
+          required_class = _schema.object_class(required_class)
+          self.class.human_object_class_name(required_class)
+        end
+        message = format % required_class_names.join(", ")
+        raise RequiredObjectClassMissed, message
+      end
+    end
+  end
+end

data/lib/active_ldap/operations.rb

@@ -0,0 +1,419 @@
+module ActiveLdap
+  module Operations
+    class << self
+      def included(base)
+        super
+        base.class_eval do
+          extend(Common)
+          extend(Find)
+          extend(LDIF)
+          extend(Delete)
+          extend(Update)
+
+          include(Common)
+          include(Find)
+          include(LDIF)
+          include(Delete)
+          include(Update)
+        end
+      end
+    end
+
+    module Common
+      VALID_SEARCH_OPTIONS = [:attribute, :value, :filter, :prefix,
+                              :classes, :scope, :limit, :attributes,
+                              :sort_by, :order, :connection]
+
+      def search(options={}, &block)
+        validate_search_options(options)
+        attr = options[:attribute]
+        value = options[:value] || '*'
+        filter = options[:filter]
+        prefix = options[:prefix]
+        classes = options[:classes]
+
+        value = value.first if value.is_a?(Array) and value.first.size == 1
+        if filter.nil? and !value.is_a?(String)
+          message = _("Search value must be a String: %s") % value.inspect
+          raise ArgumentError, message
+        end
+
+        _attr, value, _prefix = split_search_value(value)
+        attr ||= _attr || dn_attribute || "objectClass"
+        prefix ||= _prefix
+        filter ||= [attr, value]
+        filter = [:and, filter, *object_class_filters(classes)]
+        _base = [prefix, base].compact.reject{|x| x.empty?}.join(",")
+        if options.has_key?(:ldap_scope)
+          logger.warning do
+            _(":ldap_scope search option is deprecated. Use :scope instead.")
+          end
+          options[:scope] ||= options[:ldap_scope]
+        end
+        search_options = {
+          :base => _base,
+          :scope => options[:scope] || scope,
+          :filter => filter,
+          :limit => options[:limit],
+          :attributes => options[:attributes],
+          :sort_by => options[:sort_by],
+          :order => options[:order],
+        }
+
+        conn = options[:connection] || connection
+        conn.search(search_options) do |dn, attrs|
+          attributes = {}
+          attrs.each do |key, value|
+            normalized_attr, normalized_value =
+              normalize_attribute_options(key, value)
+            attributes[normalized_attr] ||= []
+            attributes[normalized_attr].concat(normalized_value)
+          end
+          value = [dn, attributes]
+          value = yield(value) if block_given?
+          value
+        end
+      end
+
+      def exist?(dn, options={})
+        attr, value, prefix = split_search_value(dn)
+
+        options_for_leaf = {
+          :attribute => attr,
+          :value => value,
+          :prefix => prefix,
+        }
+
+        attribute = attr || dn_attribute || "objectClass"
+        options_for_non_leaf = {
+          :attribute => attr,
+          :value => value,
+          :prefix => ["#{attribute}=#{value}", prefix].compact.join(","),
+          :scope => :base,
+        }
+
+        !search(options_for_leaf.merge(options)).empty? or
+          !search(options_for_non_leaf.merge(options)).empty?
+      end
+      alias_method :exists?, :exist?
+
+      def count(options={})
+        search(options).size
+      end
+
+      private
+      def validate_search_options(options)
+        options.assert_valid_keys(VALID_SEARCH_OPTIONS)
+      end
+
+      def extract_options_from_args!(args)
+        args.last.is_a?(Hash) ? args.pop : {}
+      end
+
+      def ensure_dn_attribute(target)
+        "#{dn_attribute}=" +
+          target.gsub(/^\s*#{Regexp.escape(dn_attribute)}\s*=\s*/i, '')
+      end
+
+      def ensure_base(target)
+        [truncate_base(target),  base].join(',')
+      end
+
+      def truncate_base(target)
+        if /,/ =~ target
+          begin
+            (DN.parse(target) - DN.parse(base)).to_s
+          rescue DistinguishedNameInvalid, ArgumentError
+            target
+          end
+        else
+          target
+        end
+      end
+
+      def object_class_filters(classes=nil)
+        (classes || required_classes).collect do |name|
+          ["objectClass", Escape.ldap_filter_escape(name)]
+        end
+      end
+
+      def split_search_value(value)
+        attr = prefix = nil
+        begin
+          dn = DN.parse(value)
+          attr, value = dn.rdns.first.to_a.first
+          rest = dn.rdns[1..-1]
+          prefix = DN.new(*rest).to_s unless rest.empty?
+        rescue DistinguishedNameInvalid
+          begin
+            dn = DN.parse("DUMMY=#{value}")
+            _, value = dn.rdns.first.to_a.first
+            rest = dn.rdns[1..-1]
+            prefix = DN.new(*rest).to_s unless rest.empty?
+          rescue DistinguishedNameInvalid
+          end
+        end
+
+        prefix = nil if prefix == base
+        prefix = truncate_base(prefix) if prefix
+        [attr, value, prefix]
+      end
+    end
+
+    module Find
+      # find
+      #
+      # Finds the first match for value where |value| is the value of some
+      # |field|, or the wildcard match. This is only useful for derived classes.
+      # usage: Subclass.find(:attribute => "cn", :value => "some*val")
+      #        Subclass.find('some*val')
+      def find(*args)
+        options = extract_options_from_args!(args)
+        args = [:first] if args.empty? and !options.empty?
+        case args.first
+        when :first
+          find_initial(options)
+        when :all
+          options[:value] ||= args[1]
+          find_every(options)
+        else
+          find_from_dns(args, options)
+        end
+      end
+
+      private
+      def find_initial(options)
+        find_every(options.merge(:limit => 1)).first
+      end
+
+      def normalize_sort_order(value)
+        case value.to_s
+        when /\Aasc(?:end)?\z/i
+          :ascend
+        when /\Adesc(?:end)?\z/i
+          :descend
+        else
+          raise ArgumentError, _("Invalid order: %s") % value.inspect
+        end
+      end
+
+      def find_every(options)
+        options = options.dup
+        sort_by = options.delete(:sort_by)
+        order = options.delete(:order)
+        limit = options.delete(:limit) if sort_by or order
+
+        results = search(options).collect do |dn, attrs|
+          instantiate([dn, attrs, {:connection => options[:connection]}])
+        end
+        return results if sort_by.nil? and order.nil?
+
+        sort_by ||= "dn"
+        if sort_by.downcase == "dn"
+          results = results.sort_by {|result| DN.parse(result.dn)}
+        else
+          results = results.sort_by {|result| result.send(sort_by)}
+        end
+
+        results.reverse! if normalize_sort_order(order || "ascend") == :descend
+        results = results[0, limit] if limit
+        results
+      end
+
+      def find_from_dns(dns, options)
+        expects_array = dns.first.is_a?(Array)
+        return [] if expects_array and dns.first.empty?
+
+        dns = dns.flatten.compact.uniq
+
+        case dns.size
+        when 0
+          raise EntryNotFound, _("Couldn't find %s without a DN") % name
+        when 1
+          result = find_one(dns.first, options)
+          expects_array ? [result] : result
+        else
+          find_some(dns, options)
+        end
+      end
+
+      def find_one(dn, options)
+        attr, value, prefix = split_search_value(dn)
+        filter = [attr || dn_attribute, Escape.ldap_filter_escape(value)]
+        filter = [:and, filter, options[:filter]] if options[:filter]
+        options = {:prefix => prefix}.merge(options.merge(:filter => filter))
+        result = find_initial(options)
+        if result
+          result
+        else
+          args = [name, dn]
+          if options[:filter]
+            format = _("Couldn't find %s: DN: %s: filter: %s")
+            args << options[:filter].inspect
+          else
+            format = _("Couldn't find %s: DN: %s")
+          end
+          raise EntryNotFound, format % args
+        end
+      end
+
+      def find_some(dns, options)
+        dn_filters = dns.collect do |dn|
+          attr, value, prefix = split_search_value(dn)
+          attr ||= dn_attribute
+          filter = [attr, value]
+          if prefix
+            filter = [:and,
+                      filter,
+                      [dn, "*,#{Escape.ldap_filter_escape(prefix)},#{base}"]]
+          end
+          filter
+        end
+        filter = [:or, *dn_filters]
+        filter = [:and, filter, options[:filter]] if options[:filter]
+        result = find_every(options.merge(:filter => filter))
+        if result.size == dns.size
+          result
+        else
+          args = [name, dns.join(', ')]
+          if options[:filter]
+            format = _("Couldn't find all %s: DNs (%s): filter: %s")
+            args << options[:filter].inspect
+          else
+            format = _("Couldn't find all %s: DNs (%s)")
+          end
+          raise EntryNotFound, format % args
+        end
+      end
+
+      def ensure_dn(target)
+        attr, value, prefix = split_search_value(target)
+        "#{attr || dn_attribute}=#{value},#{prefix || base}"
+      end
+    end
+
+    module LDIF
+      def dump(options={})
+        ldifs = []
+        options = {:base => base, :scope => scope}.merge(options)
+        conn = options[:connection] || connection
+        conn.search(options) do |dn, attributes|
+          ldifs << to_ldif(dn, attributes)
+        end
+        ldifs.join("\n")
+      end
+
+      def to_ldif(dn, attributes, options={})
+        conn = options[:connection] || connection
+        conn.to_ldif(dn, unnormalize_attributes(attributes))
+      end
+
+      def load(ldifs, options={})
+        conn = options[:connection] || connection
+        conn.load(ldifs)
+      end
+    end
+
+    module Delete
+      def destroy(targets, options={})
+        targets = [targets] unless targets.is_a?(Array)
+        targets.each do |target|
+          find(target, options).destroy
+        end
+      end
+
+      def destroy_all(filter=nil, options={})
+        targets = []
+        if filter.is_a?(Hash)
+          options = options.merge(filter)
+          filter = nil
+        end
+        options = options.merge(:filter => filter) if filter
+        find(:all, options).sort_by do |target|
+          target.dn.reverse
+        end.reverse.each do |target|
+          target.destroy
+        end
+      end
+
+      def delete(targets, options={})
+        targets = [targets] unless targets.is_a?(Array)
+        targets = targets.collect do |target|
+          ensure_dn_attribute(ensure_base(target))
+        end
+        conn = options[:connection] || connection
+        conn.delete(targets, options)
+      end
+
+      def delete_all(filter=nil, options={})
+        options = {:base => base, :scope => scope}.merge(options)
+        options = options.merge(:filter => filter) if filter
+        conn = options[:connection] || connection
+        targets = conn.search(options).collect do |dn, attributes|
+          dn
+        end.sort_by do |dn|
+          dn.upcase.reverse
+        end.reverse
+
+        conn.delete(targets)
+      end
+    end
+
+    module Update
+      def add_entry(dn, attributes, options={})
+        unnormalized_attributes = attributes.collect do |type, key, value|
+          [type, key, unnormalize_attribute(key, value)]
+        end
+        conn = options[:connection] || connection
+        conn.add(dn, unnormalized_attributes, options)
+      end
+
+      def modify_entry(dn, attributes, options={})
+        unnormalized_attributes = attributes.collect do |type, key, value|
+          [type, key, unnormalize_attribute(key, value)]
+        end
+        conn = options[:connection] || connection
+        conn.modify(dn, unnormalized_attributes, options)
+      end
+
+      def update(dn, attributes, options={})
+        if dn.is_a?(Array)
+          i = -1
+          dns = dn
+          dns.collect do |dn|
+            i += 1
+            update(dn, attributes[i], options)
+          end
+        else
+          object = find(dn, options)
+          object.update_attributes(attributes)
+          object
+        end
+      end
+
+      def update_all(attributes, filter=nil, options={})
+        search_options = options.dup
+        if filter
+          if filter.is_a?(String) and /[=\(\)&\|]/ !~ filter
+            search_options = search_options.merge(:value => filter)
+          else
+            search_options = search_options.merge(:filter => filter)
+          end
+        end
+        targets = search(search_options).collect do |dn, attrs|
+          dn
+        end
+
+        unnormalized_attributes = attributes.collect do |name, value|
+          normalized_name, normalized_value = normalize_attribute(name, value)
+          [:replace, normalized_name,
+           unnormalize_attribute(normalized_name, normalized_value)]
+        end
+        conn = options[:connection] || connection
+        targets.each do |dn|
+          conn.modify(dn, unnormalized_attributes, options)
+        end
+      end
+    end
+  end
+end